malwarewikiaorg-20200223-history
Goggle
Not to be confused with the typosquatting website, Googe. Goggle.com was considered by some to be a dangerous typosquatting site for Google.com made in 2004. It would appear if a user mistyped the domain "Google.com", however, "goggle" is a defined word to mean "to stare with wide or protuberant eyes ". Additionally, Google has apparently agreed that "the word goggle will not be considered as a misspelling of the word google." The website was active from 2004 to 2007. Once it was accessed, the domain would instantly download several viruses and other malware and start to spam pop-ups, some of which containing pornographic imagery. In addition to the malware it downloaded on the victim's computer, it used the WMF exploit to install the rogue antivirus SpySheriff. All the malware together had the potential to damage the computer severely and may require the victim to re-install their operating system, losing all of their files and data on the computer. In 2006, the site was used as a video/ad for McAfee SiteAdvisor (Now McAfee WebAdvisor) by Greg Bertrand. Goggle.com and Goggle.org is blacklisted from the Wayback Machine. Site History 2006 The Site was featured in a McAfee SiteAdvisor (Now McAfee WebAdvisor) video/ad by Greg Bertrand as "Spyware Rubbernecking" in which the person in the video goes to Goggle.com. The song used in the video is Stipendium Peccati. It was uploaded on September 29th, 2006 by YouTube User Shane Keats. However, the McAfee ad is the only known documented video in 2006. 2007 Google was offered the right of first refusal to purchase goggle.com but declined. 2009 It became a survey in which a user could take in order to win popular gadgets, such as an iPhone or an iPad. Of course, like every other similar survey, it was a scam, and the survey was taken down in somewhere between 2012 and 2013. 2011 Google Inc. filed a second UDRP complaint against Goggle.com, Inc. over the domain goggle.com. (It previously filed a UDRP complaint against Knowledge Associates over the domain goggle.com but had entered into a settlement agreement which allowed Knowledge Associates to continue to use/own goggle.com. Later, Google was offered the right of first refusal to purchase goggle.com but declined.) Google did not submit the pre-existing settlement agreement regarding goggle.com and "the only reference to the fact of its existence was hidden away in the only footnote to its entire 15-page Complaint." Goggle.com Inc. submitted the "Co-existence Agreement" which allows for the use of goggle.com subject to certain terms and conditions. The UDRP was resolved on the basis of the panel declining jurisdiction. As an assignee of the original Co-existence Agreement, there exists a contractual agreement between Google Inc and Goggle.com Inc in relation to the registration and use of the domain name. http://domains.adrforum.com/domains/decisions/1403690.htm: “The Panel declines jurisdiction over this Complaint”. What the panel decided is that the UDRP didn’t apply to the dispute. There was no determination made of any UDRP element. 2016 The survey was brought back, but instead of the free iPhone "offer" at the end, it redirects the user to a "free movie" phishing website based in Cyprus. However, if the visitor removes everything after "registration" in the URL for that site, it turns out to actually be a game host. It is unable to infect iOS devices, however. In late 2016, the site was turned into a shopping site, although all of its entries would just redirect to Amazon entries. 2017 The domain website appeared to be dead since there was nothing on its HTML data other than the word "goggle". 2019 It used to redirect to tango-deg.com, which is either a shut-down web page, a fake Adobe Flash Update, or a survey scam that depends on the region the user lives in. As of August 2019, it will redirect depending on the region the user lives in. In the United States, it will currently redirect to top5-bestmealdelivery.com. A "Top 5 Meal Delivery Service” Comparison website. making it, for now, an inactive virus. In some areas, it will take the user to a holding page with nothing but the text “Goggle.com Inc.” on the top left, as the redirect code doesn’t activate. As of September 19th 2019, it also used redirects to a survey which says with a banner: "Your opinion is important. This 25-second US election study is being conducted by Goggle Inc. powered by RlWl. No personally identifiable data are collected." In some areas, it will still take the user to the "Goggle.com Inc." page, but this time the domain name redirects to blog.goggle.com. In October 2019, it redirects to blog.goggle.com which hosted presets for Photoshop and Lightroom for $27 which was Copyright by Tim Shields Landscape Photography, before it was moved to a blogging site. In November 2019, it became a blogging site, in some place, the website refused to load (Likely Offline). As of November 24, 2019, there is a redirect to a US politics survey at goggle.com and a “diary” about updates on American politics (no redirect) at blog.google.com. These may or may not be related. In addition, there’s more supporting evidence that these two different polls are related than not, such as RIWI being mentioned as an important middleman for gathering vote data in both of the sites. Later of November 24, 2019, at an unknown time, the domain was later purchased by another unknown source, it became a redirect to a poll that was the same redirect in the old Googe, which told the user to enter their age, and gender, there were 3 redirects for it, one of them would be a malicious chrome add on redirect, it may also redirect to a pornographic website, which crashed if the user tried to exit it, However, in some countries, the website still remains Offline. '2020' As of 2020, going on goggle.com crashes the user's system, resulting in a kernel panic. If the user is running GNU/Linux as their Operating System, the site will not affect the system. As of February 2020, goggle.com will redirect the user to a site called "blog.goggle.com". This site does not do anything visually. Media Goggle1.jpg|Message displayed from the website. Want to kill your PC? Go to goggle.com.|Video. Goggle.com|Video 2. Gogglesafe.png|Goggle previously before domain changes. Goggle Now (Sep 2019 - present) fixed.png|Goggle previously after changed to blog.goggle.com (Sep 2019-Oct 2019). Goggle_host_ps_template.png|Goggle become a Lightroom templates page (Oct 2019-present). Goggle Offline.png|Goggle being offline in some country (only works if site failed to redirect when outside US) (2019-present). Whatisyourageandgenderyouropinion.jpg|Goggle as of November 24, 2019 change (May not appear outside US. https___blog.goggle.com - Brave 6_12_2019 12_33_38.png|blog.goggle.com Category:Browser hijacker Category:Adware Category:Trojan dropper Category:Dangerous Website Category:PUP Category:Trojan Category:Typosquatted websites Category:Scam Category:Amazon Category:Phishing website Category:Bloatware Category:Virus Category:Website Category:Malicious website Category:Microsoft Windows Category:Scareware